The present disclosure relates generally to managing access to an enterprise system using remote devices. More particularly, techniques are disclosed for unifying management of remote devices and user identities for enabling access to an enterprise system. Techniques are disclosed for managing provisioning of applications on remote devices to access resources in an enterprise system.
With the proliferation of devices including mobile devices, many enterprises are adopting a “bring your own device” (BYOD) policy. BYOD enables users to bring their own devices to connect to an enterprise's system to access resources (e.g., applications or data) provided by the enterprise. A BYOD policy may permit users to continue use of their own devices for personal use. Managing different uses (e.g., personal use and corporate use) of user-owned devices in an enterprise system becomes a paramount concern for an enterprise. Permitting user-owned devices to access an enterprise system can present new security risks. Once access to an enterprise system is obtained by a user-owned device, the enterprise system may be exposed to security risks from non-compliant devices and non-compliant use of devices. Enterprise systems may be challenged to find ways to separate personal data from enterprise data on user-owned devices. User-owned devices may contain personal information and have special privacy considerations. Many user-owned devices may lack enterprise security controls to enable integration of those devices into an enterprise system. Security becomes an even greater concern when user-owned devices are compromised (e.g., hacked, stolen, or lost). Enterprises are searching for new and improved ways to integrate user-owned devices with the enterprise identity governance and access control infrastructure for security and compliance reasons.
To facilitate management of user-owned devices and corporate devices that access an enterprise system, some enterprises may implement a mobile device management (MDM) system and/or a mobile application management (MAM) system. Such systems may facilitate management and control of access to an enterprise system to ensure an enterprise system and its resources are secured. Management and control of access to an enterprise system may include communicating information about compliance and resources, and actions that must be taken for maintaining access to the enterprise system.
An enterprise having thousands of users (e.g., employees, contractors, and customers) may be faced with the task of managing access and compliance for thousands of devices that access the enterprise. Users may operate different devices and may have different roles for accessing an enterprise system. Many users may be burdened with managing access and compliance for an enterprise system, which oftentimes may be complex. To complicate matters further, users may have registered different types of devices, some of which may need to be configured differently for an application. For example, an application may be configured differently based on a type of a device and/or a platform (e.g., operating system) supporting the application. Users that operate multiple devices may be challenged with keeping track of the different factors that affect the configuration of an application to access a resource in an enterprise system. Enterprises may have a difficult time getting users to comply with their policies and to configure applications for accessing resources provided by those enterprises. To further complicate matters, users may operate devices differently with respect to personal use, such that enterprises are challenged with finding ways to ensure that each device associated with a user is able to access resources provided by the enterprise.
As a result of the complexities of managing devices that access an enterprise system, enterprises and users accessing resources provided by the enterprises are unable to routinely manage the configuration of applications. To ensure that access to an enterprise system is not compromised, an enterprise may completely restrict or inhibit access to an enterprise system when a configuration of an application to access a resource has changed. Such a change may be brought on by a change in a user's role or a change in a policy (e.g., an access policy or a compliance policy) for accessing an enterprise. Some applications may need to be manually configured for compliance. As a result, users may be burdened with having to individually adjust a configuration of their applications on each of their devices. Enterprises are searching for ways to manage a configuration of the applications that enable devices to access resources in an enterprise system.